About a month ago, you heaved a sigh of relief. The deadline for compliance with the new mortgage rules had come, and your bank seemed ready. Now, you just have the rest of the future to worry about.
But seriously, compliance with the new mortgage rules was just one more deadline—albeit a big one. A community bank compliance officer today has to manage a successful program in the face of factors, such as:
• A shifting compliance paradigm.
• A barrage of regulatory issuances every day.
• Monitoring and auditing.
• Exam management.
• The need to support the bank’s strategy and interaction with business units and marketing.
• The need to meet ongoing demands, including vendor management, employee questions, customer complaints, product development, and change management.
I have been in compliance for 25 years, and I have never seen things so challenging on so many fronts. It would be easy for community bank compliance officers, besieged on every side, to get glassy-eyed.
No formulas here. But the following collection of strategies and tips includes some favorites that have stood the test of time, and others that reflect the compliance picture that has been emerging over the past two or three years. Also underpinning much of this is the need for compliance to become an equal player in planning and prioritization. As the hard and soft costs for not complying grow, compliance must be at the table. And compliance officers must keep proving themselves to stay at that table.
1. Take a risk-based approach to everything. A simple conversation about the compliance risk presented by a product, program, or practice helps prioritize a given issue and manage resources accordingly. (The conversation can be documented at another time.)
Remember, where there are compliance risks, other risks lurk. Compliance risk can no longer be effectively managed in a silo. Have the compliance risk conversation in the context of all risks. Rate the compliance risk—and its urgency—in the context of other risks the bank faces and the bank’s strategy. This communicates to decision-makers that you do not simply “cry wolf,” and it will get you the attention you need when you need it.
2. Continue to educate and communicate. You have to do this up, down, and sideways.
This practice includes the board of directors, senior management, and middle management. Work with your bank’s trainer—if you don’t also wear that hat—to integrate the compliance message as well as requirements wherever possible.
If you train frequently enough, you will not be the only one having the compliance conversation. Others will begin having it—even when you are not around.
For employees who have daily compliance tasks, I have found it helpful to enroll them in industry webinars. The webinars expose them to questions from bankers at other institutions as well as other speakers.
3. Understand and communicate the skills necessary to effectively perform compliance-related tasks. Daily tasks that include a compliance component—such as monitoring for compliance with loan documentation requirements—require employees who have confidence, analytical skills, and communication skills. They must be able to question anomalies, research them, and escalate them where appropriate.
Also, ask how effectively current job descriptions reflect compliance responsibilities and the skills necessary to perform the required tasks.
4. When training or communicating, focus on the takeaways for each constituency. Don’t fall into the habit of giving your standard “spiel” on an issue for all audiences. Tailor the message to each one.
To illustrate this, let’s look at your work with the bank’s board. First, the takeaways for the board will be different from those for middle management. For the board, the message should be less about the specific regulations—and regulation specifics—and more about the compliance environment and risks. Typically, you have less time with the board, so stick to the overall view and focus on what the bank needs to do to manage risks.
By contrast, with middle management, it’s more about understanding the requirements of the regulations and how to integrate them into ongoing processes, and monitoring performance. Remember, you want them to “own” compliance.
Sometimes, the needs of audiences come together. If you have not already done so, dedicate a board and senior-management training session to the new compliance paradigm: customer risk.
5. Meet regularly with managers of functional areas that manage more significant compliance risks. A one-hour weekly meeting helps to develop a working relationship. This kind of meeting also helps each manager learn the others’ communication and working styles.
There will be times when you are working with managers to address significant compliance issues, such as regulatory implementations or managing an exam or a serious issue. The trust that you have established during the regular, weekly meeting will pay off in a less-stressful experience for all concerned.
In addition, knowing there is a regular meeting increases efficiency as issues that arise between meetings can be addressed without disrupting daily management of the department. The weekly meeting also is a great opportunity to do post-issue triage.
6. Build your budget. Adding staff can be hard, even with increasing compliance burdens. If you can’t get more people, aim for approval of a consulting budget. Budget for consultants for some task-based issues, such as reviews of marketing and advertising, and for compliance audits or monitoring, which are big time-burners.
Build in separate budget dollars for compliance counsel hours, and, if there is software or other technology that can make you more efficient, consider asking for it.
7. Establish expectations and force yourself to tier tasks by urgency. Working in compliance today can feel like chasing a runaway train. We face deadlines on every side—all seemingly of the same urgency.
But is this really the case? Can some deadlines be managed? The risk conversation discussed earlier can be helpful here. This also means pulling in some of the “Teflon” types who think compliance isn’t one of their issues. At some point, they, too, must be part of the compliance discussion—and the solution.
8. Become involved in establishing and communicating enterprise processes. Related to the previous strategy, establish a relationship with your project management team and other enterprise functions in order to fully integrate compliance into all affected areas. I call this “decentralizing compliance.” The other staff functions share your goal of integrating important processes across the enterprise and instilling the discipline to adhere to them.
Take a leadership role and participate in the development and communication of enterprise processes—such as vendor management, risk management, consumer complaint management, or change management—instead of being brought in at the end and being told what the process will be.
9. Be known for your cooperative spirit. If you have survived compliance this far, you have figured out how to be a team player.
But do others still roll their eyes when you enter the room? Change that by saying, “Let’s figure out how we can do this.”
10. Review your compliance management framework and clearly communicate accountabilities. In a fast-paced, ever-changing environment, it is important for all employees to understand their roles within your bank’s compliance governance framework. Think about it: Does your framework support the customer risk approach to compliance management? If there have been changes within the organization, are roles and responsibilities still clear?
11. Get away from your desk. Network and stay in touch and informed. If you are not already doing this, leave the bank for a few days to attend a national or regional compliance conference. Learn the technical compliance information that you need as well as what’s on the horizon. You can benefit from learning many different perspectives on how to approach compliance challenges. This is no time to go it alone.
The compliance officer across town or in another state may have the answer you need. Share your expertise and the resources you have developed. Learn your colleague’s special areas of knowledge and draw on them when you need a quick answer or a sounding board. Compliance is not a competitive sport. And in these days of increased attention to reputation risk, we should remember that a black eye on one bank reflects badly on all banks when it hits the media.
12. Take your seat. It’s waiting. Compliance is now front and center. The seat at the table—the one that all of us, historically, have said we need to claim—is open.
The foundation you have established over the years should support you as you cope with the new and fast-paced compliance environment, where there is no relief in sight.
These tips and strategies are less about understanding the regulations and more about lessons learned; striving to be a good listener, communicator, and team player; encouraging the stakeholders to own compliance; and building great relationships established with compliance colleagues around the country.
About the author
Ana M. Foster is vice-president and risk and compliance officer at $1.4 billion-assets Cambridge (Mass.) Trust Co.